OT: Windows serial port sniffing
Charles Jones
charles.jones at ciscolearning.org
Mon Aug 18 08:46:49 MST 2008
This is technically a Windows question, but I thought I would ask here
anyway, because many of us were hacking before MS-Windows existed, and
also ran various versions of MS-Windows in our time (which is why we
love Linux so much now!) and have dealt with serial ports from dealing
with modems and the like. I figured I would tell you all about a minor
problem I am thinking of tackling, and see if you had any suggestions.

I'm dealing with an RFID badge-access system that uses Windows-based
administration software. Basically some software that runs on Windows,
using an MSSQL db, and communicates with the hardware via the serial port.
The software has a function to send a timed pulse to unlock a door(s)
for X number of seconds. I'm looking for a way to do the same thing,
but from another machine so that I can use a script or even a CGI to
control the door. Yes, I realize this opens us up to someone "hacking"
their way into the office, but we also have a security system, and if
they have root on our servers then we have bigger problems :) I digress...

I have some long-ago experience in serial port programming. In school I
wrote a voicemail system in Turbo Pascal (heh) that controlled a POTS
line via a relay that I connected to the serial port. I remember
studying the serial port pinouts and figuring out how to control the
voltage level on each of the pins.

That being said, I have several things I have to consider:

* Is the door lock pulse simply a voltage level sent to the serial port,
or is there some sort of protocol (an actual serial connection) between
the computer and the hardware?
* Is the signal being sent just a toggle, or specific turn-on/turn-off events?

I basically need a way to snoop the serial port to see what is being
sent, but I'm not sure of the best way to do it. If it is just voltage
levels being sent to the hardware, I could do it with just a multimeter
and figure out which pins it is activating. However, if there is an
actual serial connection (null modem or something) going on, it will be
much more difficult to observe what data is being sent. I think also you
can purchase an in-line dongle that has LEDs that will show the status
of the data lines.

I suppose one of the first things I could do is to just unplug the
serial port and try to use any functions that talk to the hardware. If
there is any data connection required, it should complain that it is not
connected.

Theoretically I could write a small C++ (or even Win32 Perl)
daemon that would run on the winblows machine and provide a way to
toggle the lock/unlock signal via a TCP/IP connection. I may run into a
snag where, if I remember correctly, if something has control of a
serial port in Windows, no other process can open it. Maybe I could do
something sneaky like a Y-adapter and just send the signal from another
machine altogether. I wonder if I would have to use some diodes to keep
any voltage from one leg of the Y from traveling back to the other
machine's serial port...hmmm
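One way to make the "voltage level or real protocol" question observable, as an added example that is not part of the original post: a monitor that logs every byte arriving on the data line as hex and logs every transition on the readable control inputs (CTS/DSR/RI/CD), so a capture shows either DATA frames, pin flips, or both. It assumes a pyserial-compatible port object (`read`, `in_waiting`, `cts`, `dsr`, `ri`, `cd`) tapped from a second machine, since Windows gives one process exclusive use of the port; the 9600 8N1 setting, the `FakePort` replay class and the framed `OPEN1` bytes are constructed assumptions, not the badge system's protocol.

```python
CONTROL_LINES = ("cts", "dsr", "ri", "cd")   # read-only pin booleans on a pyserial Serial

def snapshot_lines(port):
    """State of the readable control pins as {name: bool}."""
    return {name: bool(getattr(port, name)) for name in CONTROL_LINES}
def poll_once(port, previous):
    """One poll -> (events, pin_state). Events: ('data', bytes) or ('line', pin, is_high)."""
    events = []
    if port.in_waiting:                       # bytes on RX: an actual data protocol
        events.append(("data", port.read(port.in_waiting)))
    current = snapshot_lines(port)
    for name in CONTROL_LINES:                # pin flips: plain voltage-level signalling
        if current[name] != previous[name]:
            events.append(("line", name, current[name]))
    return events, current
def format_event(step, event):
    """One log line per event; hex keeps binary protocols readable."""
    if event[0] == "data":
        return f"[{step:04d}] DATA {event[1].hex(' ')}"
    return f"[{step:04d}] LINE {event[1].upper()} -> {'HIGH' if event[2] else 'LOW'}"
def run_capture(port, polls, between_polls):
    """Poll `polls` times, calling between_polls() before each; return the log lines."""
    log, state = [], snapshot_lines(port)
    for step in range(polls):
        between_polls()
        events, state = poll_once(port, state)
        log.extend(format_event(step, e) for e in events)
    return log

class FakePort:
    """Constructed stand-in for serial.Serial: replays scripted (rx_bytes, pin_changes) steps."""
    def __init__(self, steps):
        self._steps, self._buf = list(steps), b""
        self.cts = self.dsr = self.ri = self.cd = False
    def advance(self):
        data, pins = self._steps.pop(0)
        self._buf += data
        vars(self).update(pins)
    in_waiting = property(lambda self: len(self._buf))
    def read(self, n):
        out, self._buf = self._buf[:n], self._buf[n:]
        return out
def demo():
    """Constructed capture: a made-up framed command, then a two-poll pulse on DSR."""
    script = [(b"\x02OPEN1\x03", {}), (b"", {"dsr": True}), (b"", {}), (b"", {"dsr": False})]
    fake = FakePort(script)
    return run_capture(fake, len(script), fake.advance)

if __name__ == "__main__":                    # live use: python tap.py COM3
    import sys, time, serial                  # pyserial; 9600 8N1 below is a guess
    with serial.Serial(sys.argv[1], 9600, timeout=0) as com:
        print("\n".join(run_capture(com, 3000, lambda: time.sleep(0.01))))
```

A wrong baud rate shows up as garbage bytes in the DATA lines while pin transitions are unaffected; a capture with only LINE events and no DATA is the sign that the controller is driven by voltage levels alone.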
More information about the PLUG-discuss
mailing list